Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Isync Certificate Verification 信息泄露漏洞
Vulnerability Description
Isync是美国苹果(Apple)公司的一套运行于Mac OS X操作系统下的设备连接软件。该软件支持将iCal和Address Book与MobileMe以及一些设备(包括iPod,支持SyncML的手机,Palm OS和智能手机)进行同步。 Isync 1.0.6之前的0.4版本中存在安全漏洞,该漏洞源于程序没有正确验证X.509证书。攻击者可借助任意有效的证书利用该漏洞实施中间人攻击,欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A